Installation

Configuration

Trojan cannot run without proper configuration. It uses JSON as its config format. All configuration work is done in /etc/trojan/. Detailed explanations of each field of the config file can be found here.

Examples of config files are at /usr/share/doc/trojan/examples/.

TLS certificate

You'll need to provide a TLS certificate and private key for Trojan servers to work. You can either apply for a free certificate with Let's Encrypt or generate a self-signed one in this way. Then, set the cert, key, and key_password fields in the config accordingly. Note that you should pin the certificate by setting cert on the client if you generate a self-signed certificate.

TCP Fast Open

For TCP Fast Open on servers to work, you'll need to turn it on in your OS:

# echo 3 > /proc/sys/net/ipv4/tcp_fastopen

Disguise

Trojan servers can be disguised as other services over TLS to prevent active probing. This can be done by, for example, running a web server with nginx and pointing remote_addr and remote_port fields to the server address and port.

Running

Systemd services

Trojan can be controlled with trojan.service and trojan@.service. For example, to start and enable Trojan with config file /etc/trojan/xxx.json, you can run: